[Webkit-unassigned] [Bug 60931] [Chromium] crash after r86584 due to calling willRemoveWheelEventHandler too many times
bugzilla-daemon at webkit.org
Fri Jul 22 07:00:42 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=60931
--- Comment #3 from Rob Bradford <rob at robster.org.uk> 2011-07-22 07:00:42 PST ---
My notes from the duplicated bug:
void Document::didRemoveWheelEventHandler()
{
    ASSERT(m_wheelEventHandlerCount > 0);
    --m_wheelEventHandlerCount;
    Frame* mainFrame = page() ? page()->mainFrame() : 0;
    if (mainFrame)
        mainFrame->notifyChromeClientWheelEventHandlerCountChanged();
}
When navigating from the page.
I observe the following from the backtraces:
    #0 WebCore::Document::didAddWheelEventHandler (this=0x74b240)
       at /home/rob/src/efl-webkit/source/WebKit/Source/WebCore/dom/Document.cpp:5050
and then
    #0 WebCore::Document::didRemoveWheelEventHandler (this=0x856fa0)
       at /home/rob/src/efl-webkit/source/WebKit/Source/WebCore/dom/Document.cpp:5059
and then
    #0 WebCore::Document::didAddWheelEventHandler (this=0x856fa0)
       at /home/rob/src/efl-webkit/source/WebKit/Source/WebCore/dom/Document.cpp:5050
So from my observations the Document inside the Frame has changed before the code that's doing the tidy up to remove the handlers gets called.
i.e. we would expect the call to didRemoveWheelEventHandler to act on 0x74b240.
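Added example, not part of the original comment and not WebKit's code: a minimal C++ model of the sequence in the backtraces above, where the add lands on one Document and the remove lands on the Document that replaced it in the Frame. Frame, LateLookupOwner, PinnedOwner and balanced are hypothetical names, the counter is assumed to be unsigned, and didRemove returns false at zero where the quoted code ASSERTs.

```cpp
#include <cstdio>
#include <memory>
// Simplified model with hypothetical names; not WebKit source.
struct Document {
    unsigned wheelHandlerCount = 0;  // assumed unsigned for this model
    void didAdd() { ++wheelHandlerCount; }
    // Fails at zero (the state the quoted ASSERT checks) instead of wrapping.
    bool didRemove() {
        if (wheelHandlerCount == 0) return false;
        --wheelHandlerCount;
        return true;
    }
};

struct Frame {
    std::unique_ptr<Document> doc{new Document};
    Document* document() { return doc.get(); }
    // Navigation installs a fresh Document and hands the old one back.
    std::unique_ptr<Document> navigate() {
        std::unique_ptr<Document> old(doc.release());
        doc.reset(new Document);
        return old;
    }
};

// Looks the Document up through the Frame at teardown time.
struct LateLookupOwner {
    Frame& frame;
    explicit LateLookupOwner(Frame& f) : frame(f) { frame.document()->didAdd(); }
    bool teardown() { return frame.document()->didRemove(); }
};
// Remembers the Document that received the add.
struct PinnedOwner {
    Document* registeredWith;
    explicit PinnedOwner(Frame& f) : registeredWith(f.document()) { registeredWith->didAdd(); }
    bool teardown() { return registeredWith->didRemove(); }
};

// True only if teardown decremented the Document that took the add.
template <typename Owner>
bool balanced() {
    Frame frame;
    Owner owner(frame);
    std::unique_ptr<Document> old = frame.navigate();
    return owner.teardown() && old->wheelHandlerCount == 0;
}

int main() {
    std::printf("late lookup: %d, pinned: %d\n", balanced<LateLookupOwner>(), balanced<PinnedOwner>());
}
```

In a build where the ASSERT is compiled out and the counter is unsigned, an unguarded decrement on the new Document would wrap to a large value instead of failing, which is why the model checks for zero first.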